67,511
社区成员
发帖
与我相关
我的任务
分享
<http auto-config="true" access-denied-page="/error/accessDenied.jsp" >
<!-- 不要过滤图片等静态资源 -->
<intercept-url pattern="/**/*.jpg" filters="none" />
<intercept-url pattern="/**/*.png" filters="none" />
<intercept-url pattern="/**/*.gif" filters="none" />
<intercept-url pattern="/**/*.css" filters="none" />
<intercept-url pattern="/**/*.js" filters="none" />
<!-- 登录页面和忘记密码页面不过滤-->
<intercept-url pattern="/login.jsp" filters="none" />
<intercept-url pattern="/jsp/forgotpassword.jsp"
filters="none" />
<!--登录页面错误-->
<form-login login-page="/login.jsp"
authentication-failure-url="/login.jsp?error=true"
default-target-url="/index.jsp" />
<logout invalidate-session="true"
logout-success-url="/"
logout-url="/j_spring_security_logout"/>
<!-- 检测失效的sessionId,超时时定位到另外一个URL-->
<session-management invalid-session-url="/error/sessionTimeout.jsp" />
<!--增加一个自定义的filter,放在FILTER_SECURITY_INTERCEPTOR之前, 实现用户、角色、权限、资源的数据库管理。-->
<custom-filter ref="onionPortalSecurityFilter" before="FILTER_SECURITY_INTERCEPTOR" />
</http>